Bagle/Beagle Variant Includes Source Code
NASAdude writes "Sunday brought a lot of fireworks... and the release of two new Bagle/Beagle variants. One of the variants includes a copy of its source code as an attachment as it spreads via email. It is expected the inclusion of the source will result in numerous variants.
It's been dubbed Beagle.Y and Beagle.Z by Symantec and Bagle.ad and Bagle.ae by McAfee.
ZDNet ran a story that covers these new variants."
....to say that 'open source' is bad? In all seriousness - what is the end to all this?
Humans have such a good sense of humor!
VBScript or WSH, which is inherently Open Source on Windows?
<nitpick>Open-source is a type of licensing; VBScript is a language, and WSH a technology, not licensing regimes. Typically the source-code for a VBScript app is distributed with the application, but not necessarily - it might be obfuscated - but might well be subject to proprietary licensing restrictions.
Just because you can see the source code doesn't make it open source. Open source implies certain freedoms that are additional to being able to see the code: the right to modify and redistribute the code, for example.
</nitpick>
This is where the serious fun begins.
So far you could spot a virus author by the "evidence" that he had the source code of the virus on his PC. Now everybody has the source. I guess we need bigger jails soon.
(example given in MIPS since it is the only assembler I know)
Well, think about this: the kiddy scripter does not need to know that li is load immediate; all he needs to know is that 24 is the register, do not touch, and 1025 is the port, change to a new port to try.
All it means is that there are still clueless people using computers. I already know that. Sometimes I think it's a damn shame viruses can't do the kind of real, permanent damage that shocks a clue into people -- if there is such a thing. For once I'm actually wishing for a SCO story.
Please, please, please, I know I'm preaching to the choir here, but please, for crying out loud, please if anyone ever asks you about buying a new computer, just point them towards the nearest Apple authorised reseller. If they complain about the price, point out that the inherent usability and security designed into Mac OS X from the ground up will more than pay for itself in terms of not cursing and screaming at the damn thing every time you boot it up. If that doesn't work, mention that Macs are prettier. If that still doesn't work, give them six months tops before you're saying "I told you so".
Windows may be popular but that doesn't make it any good.
Je fume. Tu fumes. Nous fûmes!
I'm so glad my entire network is running Linux. :) I swear there is some major virus every goddamn week. Linux has its own problems, but I am glad I can do something about them. I wonder how long it will take for businesses to realize that running around chasing exploits and viruses isn't a good way to make use of your technical support staff time.
-Mind
Result: Users become even more reluctant to patch their systems. Either your worm does what it's supposed to do, then users have less reason to patch their system, or it does not work as expected, then it's just another worm which AV companies have to add to the databases.
Oddly enough, had something like that happen to one of our agents. He called in to complain that he couldn't get any work done. Every few seconds, his PC would pop up a little window saying "Scanning outgoing EMail" and lock up for a moment. Then the window would disappear and everything would be back to normal. Until the window reappeared.
Turned out he'd picked up a mass mailing virus. He had Norton AV installed, but hadn't wanted to pay to keep his virus defs updated. Norton was scanning every outgoing EMail, but didn't see anything it recognized and let them all pass through.
I told the guy he'd have to pay to update his virus defs in order to fix the thing. Actually, Norton offers a free remover for that particular virus, but I didn't want the guy calling me back in another two weeks with a different virus.
I am NOT a man!
I am a free number!
Man, if the author could be turned to the Light Side though... small, efficient windows applications, well written in assembler... sounds like Steve Gibson's Evil Twin.
Really, that's a little unfair. I mean, not patching has been relatively consequence free for quite a while now. Suddenly dooming them right away is a bit harsh.
Rather, I'd create a small family of malware, and have each one leave behind some indication that it had been there. Do it in some way that the virus scanners may have a hard time cleaning it up. Also, notify the users that they've been hit. Tell them this is their last chance to repent. Give them pointers to resources to help them repent. Remember, the end is near...
After people have been duly warned by worms and viruses that have had their chance to spread and die out, I'd release the punisher malware. Something nasty, a blended threat type thing using all the latest techniques to spread. Now, this would be the one with the payload. It would look for evidence that you'd been hit with one of the previous malware, and assign points based on how they got in, and if they were cleaned up. Say 1 point for getting infected by a zero-day exploit in Opera that you've since cleaned up after, but 100 points for getting hit by an email worm which proudly announces "I am a virus. Do not click on the pretty linkey and run me!" or some such. Points can also be assigned based on what software is on the system. A machine loaded with spyware, or infected with other viruses gets more points. One with a firewall or behind a NAT box gets a deduction.
Now what is the purpose of the points, you ask? A person collecting many points gets their machine fubar'ed. A person with no points gets a notice of how our nasty nasty worm got in, and help cleaning it up. People in between perhaps get all their valuable MP3s scrambled, or something. You get the picture.
Now, one really can't say that everyone hasn't received warning. Everyone who got infected previously got notice, and help to change their wicked ways. Of course, some people are rather dense. So, after a few months, we'd have to start over again. Sure, it'll be harder, since many people will have wised up (I hope so), but many probably won't. This time around, however, the stick should come closer in time to the bad behaviour. Reinforcement learning works better that way. Additionally, I think the standards for who gets the smackdown should be lowered. Fragging their systems for incrementally smaller violations every cycle will hopefully get people to shape up. After a while, it won't matter--an unpatched system won't last long in such a hostile environment. And if the software is just inherently insecure *cough*IEandActiveX*cough* then the best thing to do is just not run it.
Sadly, this won't teach anyone. Especially those running "alternative" software--be it application or OS. Apple's customers are rather poor at running anti-virus software. One can't blame them--there isn't much reason to. I myself don't worry about email viruses at all--that's because I read my mail with Pine. On a Sparc. Somebody else's Sparc, where I don't keep any valuable data. Now, I'm sure Pine has some sort of exploitable bugs in it. With all of the MS PCs either patched or nuked to oblivion, what's a poor virus writer to do?
That's just my 2 cents
1) Create worm that infects millions of computers.
2) Claim users have installed your software without purchasing a license. Threaten to sue unless $699 fee is paid per machine.
3) Profit!
Oh my...
=Smidge=
*sigh* Please don't release another anti-virus-virus. The last one was at least as much a pain as the one it was supposed to cure.
The McAfee virus info page says that the source code is encrypted. Assuming the author used something sound like PGP, we'll probably never see the source code.
If it's encrypted, how did they find out it's source code? They must have already cracked it.
"Why Subscribe?" Good question...
"Don't you suppose the right to redistribute is granted pretty much automatically for a virus?"
How amusing if it weren't. Maybe the authors could be prosecuted for circumventing a protection device *on their own property*. The sound of mental fuses popping would be deafening.
What benefit to the virus writer is there in that? I look at this as a sign that the virus industry has "matured" past the point of petty vandalism to theft of service.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Unless the author is dumb enough to reveal himself by suing you for copyright infringement, it's public domain.
The shareholder is always right.
That approach, while fine twenty years ago, isn't at all realistic today. Today PCs are sold as something which is easy to use and useful for everyone. And they should be. The fact that they aren't is the problem of the people who designed/implemented things badly in the first place.
Given that all most people want a PC for is web browsing and email, why the f*ck haven't Microsoft come up with an OS which can do that, and just that, without any security risks at all? This puzzles me somewhat.
Regardless, the problem mostly lies with the laughable state of Windows, not with the users. Sure, they could be more careful -- but on a fresh Windows install you need to be more than careful, you need to be damn good to keep it secure.
Does it also point out where to get an assembler? I suspect that'll be a barrier of entry for a lot of kiddies.
I cannot tell if you are being sarcastic or serious so I will assume that you are serious.
Just about every skript kiddiot out there has a copy of MASM, TASM and/or NASM on his machine. If you do not believe me then you are underestimating the average skript kiddy. Go hang out in some script kiddy message boards or especially IRC and you will see that they may be obnoxious little scum but they are not quite as naive and incompetent as you make them out to be.